I think I heard the question to be whether we have investigated any of those departments as a result of this. We have not. As indicated, it's not a legal requirement under the Privacy Act, so I would not have a basis for investigating non-compliance with that directive. We have reached out to them and we're going to continue to do so. We're going to continue to insist that PIAs have to be conducted.
My recommendation to this committee and to the House is that it should be a legal obligation in the Privacy Act. It should also be a legal obligation in the private sector privacy act, so that this becomes a proactive duty that would then give me a clearer mandate and authority to make sure that it's done. Canadians would see that this is part of their privacy protections.
Too often Canadians will feel that they're left to their own devices. It's up to them to consent. It's up to them to inform themselves. We do give tips to Canadians on best privacy practices and so on, but Canadians deserve to feel that their institutions are there to protect them and for them to rely on, knowing that government is using this, that government has consulted the Privacy Commissioner's office and that there are privacy experts who are in on this from the design.
That's what I want to see more of. That starts with an obligation in the Privacy Act.